[Pkg-openssl-devel] bad debian openssl and -rand option

Kurt Roeckx kurt at roeckx.be
Thu May 22 16:59:15 UTC 2008


On Thu, May 22, 2008 at 08:33:07AM +0200, emaxx-debian wrote:
> Kurt Roeckx wrote on 21-5-2008 20:23:
> > No source of random data could ever get added to the PRNG.  The -rand
> > option was useless.
> >
> >
> > Kurt
> Hi Kurt,
> 
> Thanks for your response!
> 
> I checked the private keys I generated with the bad debian openssl 
> against a blacklist (openssl-vulnkey on Ubuntu) and they weren't 
> compromised. Then I did an extra check with two new keys generated with 
> the bad debian openssl: one generated with the -rand option, one 
> without. Only the one generated without the -rand option was 
> compromised. My conclusion was that the entropy added via the -rand 
> option was used and made the key more trustworthy, isn't it?

With the vulnerable version of libssl0.9.8 the -rand option has
_an_ effect on the PRNG.  But that result is also predictable.

The lists created for the openssl-vulnkey should contain keys for
combinations of:
- All PIDs (1 - 32767)
- Presence of .rnd file (yes or no)
- Machine endianness (little or big)
- Word size (I think 32 and 64?)

The effect of the -rand option is probably similar to the effect
of the presence of the .rnd option.  It adds something to the PRNG,
but the result of that is predictable.  There is no way that
something random can get added to the PRNG.  It's not because the
blacklist doesn't contain the generated key that it's a good key.


Kurt
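
The point of the reply above, as an added example that is not part of the original message and is not OpenSSL or openssl-vulnkey code: a toy model of a generator whose only per-run variable is the PID, with a blacklist built over the combinations the message lists. The names toy_key, build_blacklist and predictable, the constant RND_FILE_LEN, and the assumption that extra input contributes only through its length are all hypothetical.

```python
import hashlib
from itertools import product

PID_MAX = 32767       # PID range given in the message (1 - 32767)
RND_FILE_LEN = 1024   # constructed value: what a .rnd file contributes in this model

def toy_key(pid, endian, word_bits, extra_len=0):
    """Toy stand-in for key generation on top of a broken PRNG.

    Assumption of this model: extra input (.rnd file, -rand file) changes
    the state only through a predictable quantity (here its length), never
    through its content. The only per-run variable is the PID.
    """
    state = f"{pid}|{endian}|{word_bits}|{extra_len}".encode()
    return hashlib.sha256(state).hexdigest()

def build_blacklist():
    """Enumerate the combinations listed in the message."""
    combos = product(range(1, PID_MAX + 1), ("little", "big"),
                     (32, 64), (0, RND_FILE_LEN))
    return {toy_key(p, e, w, x) for p, e, w, x in combos}

def predictable(key, endian, word_bits, max_extra_len):
    """True if the key is reproducible from a small, enumerable input space."""
    return any(toy_key(p, endian, word_bits, n) == key
               for n in range(max_extra_len + 1)
               for p in range(1, PID_MAX + 1))

def demo():
    blacklist = build_blacklist()
    key_plain = toy_key(4242, "little", 32)               # no -rand
    key_rand = toy_key(4242, "little", 32, extra_len=20)  # constructed 20-byte -rand input
    return (key_plain in blacklist,
            key_rand in blacklist,
            predictable(key_rand, "little", 32, max_extra_len=32))

if __name__ == "__main__":
    print(demo())
```

In this model the key made without extra input is on the blacklist and the one made with it is not, yet the latter is still reproduced by enumerating a small input space, so a blacklist miss says nothing about key quality.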



